Ethical Hacker Community Forums

We're proud to be able to bring you the first article in this great, new column from Craig Heffner. This column is aimed squarely at those in the InfoSec field who are tired of hearing that you truly can't be a security professional without knowing how to code.

Permanent Link: [Article]-Intro to C (http://www.ethicalhacker.net/content/view/141/24/)

Please be sure to add your comments and suggestions for future articles as Craig is more than willing to please the masses.

Don

Submitted to digg. Please help gets Craig's new column off to a running start:

http://digg.com/security/Intro_to_C_Programming_for_the_Ethical_Hacker

Click on the above link, then click "digg it" under the big yellow number.

Don

Good refresher, really enjoyed it a lot. Craig explained the basic of C in a clear and concise fashion. I would love to see more related articles and advance C topics  from Craig in the near future.

Haven't had a chance to read through the full thing yet, hopefully sometime tonight or definitely tomorrow. Looks like an excellent and very well done tutorial though. Thanks! :)

Hi

Nice article, would love to see some articles in basic assembly coding in C

Cheers
Vp75

Hi. You should probably take the time to learn the language before attempting to teach it.


This is not correct and does not do what you want, you end truncating a pointer to 8-bits and the value is stored in the variable a, as "a" denotes a pointer to the string "a\0", what you probably meant was:



main never returns void, it always returns int, if you turned on warnings (which you should be doing, especially considering your being unfamiliar with the language), you would get a warning here. int is the only ISO/IEC standards compliant return value.


why the hell are you copying 200 bytes? "some long string" is no where close to 200 bytes regardless of character set. You actually read outside the bounds of buff1, which can have any number of potential implications, most likely that you potentially leak data you didnt mean to (i.e. stack cookie), or potentially crash due this bad read. This code should read:



This actually reads 5 bytes.

Finally, don't return 0/-1/et cetera, return EXIT_SUCCESS/EXIT_FAILURE, while it's likely that these values expand to 0/-1 they don't necessarily. Please go read the standard and use the language for longer than a week before attempting to teach people C incorrectly. kthx

@jnf:

Thank you for your corrections; you are correct, void main() is a no-no, and I should have used single quotes for the "char a" declaration. However, I have to disagree with you on your last two corrections:


The strncpy man pages indicate (http://www.opengroup.org/onlinepubs/007908799/xsh/strncpy.html) that strncpy will copy a maximum of 200 bytes from buff1 to buff2. It will stop copying data from buff1 once a null character is encountered (i.e., the end of the source string); if the data copied is less than 200 bytes (which it is here), then strncpy will pad the remaining data with null bytes, so no data beyond the buff1 data will be stored in buff2. Your alternate example is correct as well, but not necessary.


Not according to the fgets man page: "fgets() reads in at most one less than size characters from stream and stores them into the buffer pointed to by s...a '\0' is stored after the last character in the buffer." So by telling fgets to read 5 bytes, it will actually read in 4 bytes and set the fifth byte to 0x00. The article actually points this out when describing the fgets() function:


The use of EXIT_SUCCESS and EXIT_FAILURE is also a good suggestion, particularly if you need to write code for multiple platforms.

In the near future you should write an article just on pointers.


Nice article, thanks!

True and well said.  ;D

Why do you want to ignore the first byte that is read?


int main(int argc, char *argv[])
{
     /*Declare our variables. Data will be read into buff.
     Because we want to ignore the first byte that is read, we set buff_ptr to point one byte
     beyond the beginning of the buff character array.*/
     char buff[5];
     char *buff_ptr = buff+1;

hello,

If I am posting in the worng place I am sorry, I know nothing.

I am beginning the  tutorial, I have downloaded and installed Dev c++
I am running winxp Pro SP2 with all the upadates available...

when I compile and run the first example:

#include <stdio.h>
int main(int argc, char *argv[]){
printf("The name of this program is: %s\n",argv[0]);
return 0;
}

a small black system prompt box appears for about 1/4 of a second and then disappears.
It is gone before I can see if there is even writing in it.

is there a line I can add to... printf that defines the amount of time the output is displayed? 

Or is this a setup problem where I need to change something?

Thank you for any help,

Hi,

It sounds as though you are double clicking on the executable.

Open a command prompt and CD to the directory where you saved the file.

Run it from the command line: C:\>app_name.exe [enter]

HTH,

dean

hahahha :)

Thank you for the advice, I wasn't actually double clicking the .exe but I was compiling and running from within Dev c++...

when I ran it from the command prompt it worked great.

Thank you for taking the time.